SNS

Developer of blockchain technologies intended to provide consumers with a Web 3.0 identity. The company's primary product, Solana Name Service (SNS) provides a human-readable name that maps to an SOL address, thereby removing the barrier to entry and providing an identifiable address that can facilitate payments, efficiency, and overall user experience in the sphere.

For more information about SNS, please visit https://sns.id

SNS provides rewards in FIDA. For more details about the payment process, please view the Rewards by Threat Level section further below.

KYC Requirement

The provision of KYC is required to receive a reward for this bug bounty program where the following information will be required to be provided:

• Wallet address where you’ll receive payment;
• Proof of address (either a redacted bank statement with your address or a recent utility bill with your name, address, and issuer of the bill);
• Copy of your passport will be required.

KYC information is only required on confirmation of the validity of a bug report.

Primacy of Impact vs Primacy of Rules

SNS adheres to the Primacy of Impact for the following impacts:

• Smart Contract - Critical
• Smart Contract - High
• Smart Contract - Medium
• Smart Contract - Low
• Websites & Applications - Critical
• Websites & Applications - High
• Websites & Applications - Medium
• Websites & Applications - Low

If an impact is covered within the Primacy of Impact, it means that even if the impacted asset is not in-scope but is owned by the project, then it would be considered as in-scope of the bug bounty program. When submitting a report, just select the Primacy of Impact asset placeholder. If the team behind this project has multiple projects, those other projects are not covered under the Primacy of Impact of this program. Instead, check if those other projects have a bug bounty program on Immunefi.

All other impacts are considered under the Primacy of Rules, which means that they are bound by the terms of the bug bounty program.

All other severity levels not listed here are considered under the Primacy of Rules, which means that they are bound by the terms of the bug bounty program.

Known Issue Assurance

SNS commits to providing Known Issue Assurance to bug submissions through their program. This means that SNS will either disclose known issues publicly or at the very least privately via a self-reported bug submission in order to allow for a more objective and streamlined mediation process to prove that an issue is known. Otherwise, assuming the bug report itself is valid, it would result in the bug report being considered in-scope and due 100% of the reward with respect to the bug bounty program terms.

Immunefi Standard Badge

SNS has satisfied the requirements for the Immunefi Standard Badge, which is given to projects that adhere to our best practices.

Repeatable Attack Limitations

In cases of repeatable attacks for smart contract bugs, only the first attack will be counted, regardless of whether the smart contract is upgradable, pausable, or killable.

Restrictions on Security Researcher Eligibility

Security researchers who fall under any of the following are ineligible for a reward

• OFAC-sanctioned countries residents are ineligible
• OFAC-sanctioned individuals are ineligible

Proof of Concept (PoC) Requirements

A PoC is required for the following severity levels:

• Smart Contract - Critical - PoC Required
• Smart Contract - High - PoC Required
• Smart Contract - Medium - PoC Required
• Smart Contract - Low - PoC Required
• Website & Applications - Critical - PoC Required
• Website & Applications - High - PoC Required
• Website & Applications - Medium - PoC Required
• Website & Applications - Low - PoC Required

All PoCs submitted must comply with the Immunefi-wide PoC Guidelines and Rules. Bug report submissions without a PoC when a PoC is required will not be provided with a reward